<html>
<head><meta charset="utf-8"><title>Security as 2019 goal · wg-secure-code · Zulip Chat Archive</title></head>
<h2>Stream: <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/index.html">wg-secure-code</a></h2>
<h3>Topic: <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html">Security as 2019 goal</a></h3>

<hr>

<base href="https://rust-lang.zulipchat.com">

<head><link href="https://rust-lang.github.io/zulip_archive/style.css" rel="stylesheet"></head>

<a name="151049514"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/151049514" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#151049514">(Dec 06 2018 at 22:38)</a>:</h4>
<p>A call for roadmap blogposts is now open: <a href="https://blog.rust-lang.org/2018/12/06/call-for-rust-2019-roadmap-blogposts.html" target="_blank" title="https://blog.rust-lang.org/2018/12/06/call-for-rust-2019-roadmap-blogposts.html">https://blog.rust-lang.org/2018/12/06/call-for-rust-2019-roadmap-blogposts.html</a><br>
I believe security is important enough and neglected enough to qualify as one. I'm okay at presenting ideas (see <a href="https://medium.com/@shnatsel" target="_blank" title="https://medium.com/@shnatsel">https://medium.com/@shnatsel</a>), I guess I could write one if we have a clear list of problems we want to be addressed. So let's brainstorm one!</p>



<a name="151049524"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/151049524" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#151049524">(Dec 06 2018 at 22:38)</a>:</h4>
<p>The ones I'm aware of are:</p>
<ul>
<li>There is no mechanism for propagation of security updates. Cargo-audit is great, but obscure. It should be dead simple and work out of the box.</li>
<li>The security story for stdlib is pretty bad. The two stdlib CVEs to date have been introduced during refactoring and found mostly by accident. Seeing as there is no systematic effort to prevent those, there are probably many more such bugs both already lurking in the codebase and being introduced as it develops. We need some kind of systematic measures for continuously preventing those.</li>
</ul>



<a name="151049653"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/151049653" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#151049653">(Dec 06 2018 at 22:40)</a>:</h4>
<ul>
<li>Many popular libs still use 1-2 <code>unsafe</code> blocks even though they're not doing anything inherently unsafe, they just need that for efficiency. A systematic effort to eliminate ad-hoc <code>unsafe</code> in popular libs would be great, possibly by creating a safe abstraction to serve a recurring use case that requires <code>unsafe</code> or guidelines on how to structure code so that <code>unsafe</code> is not required</li>
</ul>



<a name="151062376"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/151062376" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Joshua Liebow-Feeser <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#151062376">(Dec 07 2018 at 03:31)</a>:</h4>
<p>I like this idea! We could even potentially publish the post under the aegis of this WG, which would help spread awareness about its existence.</p>



<a name="151062435"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/151062435" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Joshua Liebow-Feeser <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#151062435">(Dec 07 2018 at 03:32)</a>:</h4>
<p>Re: propagation of security updates: I think perhaps the way to sell this is that programmers shouldn't have to think about whether their dependencies have vulnerabilities - the tooling should just automatically notice when crate versions have been marked vulnerable, and should take appropriate action. It's spiritually related to the idea that programmers shouldn't have to worry about memory safety; it should just be handled by the language.</p>



<a name="151141256"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/151141256" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#151141256">(Dec 07 2018 at 20:50)</a>:</h4>
<p>Oh yeah, publishing it on behalf of the WG would be neat. This is probably a good occasion to make a WG blog ;)</p>



<a name="151901007"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/151901007" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#151901007">(Dec 16 2018 at 23:03)</a>:</h4>
<p>I'm also thinking of specifically excluding the "protect against malicious dependencies" as a 2019 goal. Rationale: it is an unsolved problem in general, even in very sandbox-friendly languages such as JavaScript, and it is not realistic to invent, thoroughly test and commit to indefinite support of a solution to it in just one year.</p>



<a name="152225685"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/152225685" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> snf <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#152225685">(Dec 20 2018 at 01:01)</a>:</h4>
<p>Nice, I'm writing a Rust 2019 for security and came here to check if anyone else was writing one too</p>



<a name="152227479"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/152227479" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#152227479">(Dec 20 2018 at 01:45)</a>:</h4>
<p>I have a WIP one about crate/package security <span class="emoji emoji-1f609" title="wink">:wink:</span></p>



<a name="152227535"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/152227535" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#152227535">(Dec 20 2018 at 01:46)</a>:</h4>
<p>so far it's mostly a survey of what has and hasn't worked for other languages, and things that might help Rust</p>



<a name="152350160"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/152350160" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#152350160">(Dec 21 2018 at 18:44)</a>:</h4>
<p>I'm in the exactly right state of mind to write about how everything is broken and needs fixing ASAP, so I'll probably start drafting it in an hour or so</p>



<a name="152351957"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/152351957" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#152351957">(Dec 21 2018 at 19:16)</a>:</h4>
<blockquote>
<p>it is an unsolved problem in general, even in very sandbox-friendly languages such as JavaScript</p>
</blockquote>
<p>There are some pretty nice solutions in the JS ecosystem... namely SES</p>



<a name="152351994"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/152351994" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#152351994">(Dec 21 2018 at 19:16)</a>:</h4>
<p>would've been nice if Node would've found a more secure way to undo the JS sandbox. alas</p>



<a name="152352061"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/152352061" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#152352061">(Dec 21 2018 at 19:18)</a>:</h4>
<p>Rust has <code>unsafe</code> to lean on as a core modeling dimension for that sort of thing, which IMO makes it unique</p>



<a name="152352419"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/152352419" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#152352419">(Dec 21 2018 at 19:22)</a>:</h4>
<p>there have also been some interesting research projects about that sort of thing in the JS ecosystem which may be applicable to Rust</p>



<a name="152352441"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/152352441" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#152352441">(Dec 21 2018 at 19:23)</a>:</h4>
<p>I'll be covering this in my post, but here's one of them: <a href="https://www.cs.umd.edu/~aseem/tsstar-tr.pdf" target="_blank" title="https://www.cs.umd.edu/~aseem/tsstar-tr.pdf">https://www.cs.umd.edu/~aseem/tsstar-tr.pdf</a></p>



<a name="152352526"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/152352526" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#152352526">(Dec 21 2018 at 19:24)</a>:</h4>
<p>that does a sort of static taint analysis on data coming from "untrusted" parts of the code, and models it in the form of an <code>un</code> type</p>



<a name="152352539"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/152352539" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#152352539">(Dec 21 2018 at 19:24)</a>:</h4>
<p>I think it's more or less like what <span class="user-mention" data-user-id="133214">@briansmith</span> is trying to do with the <code>untrusted</code> crate  (well, parsing bits aside), just as a first-class part of the type system</p>



<a name="152352602"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/152352602" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#152352602">(Dec 21 2018 at 19:25)</a>:</h4>
<blockquote>
<p><code>un</code>, the type of the adversary, mediated by wrappers</p>
</blockquote>



<a name="152352604"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/152352604" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#152352604">(Dec 21 2018 at 19:25)</a>:</h4>
<p>heh</p>



<a name="152352922"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/152352922" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#152352922">(Dec 21 2018 at 19:30)</a>:</h4>
<p>I always wanted to know if <code>untrusted</code> is suitable for parsing such formats as PNG or JPEG. Because it sure sounds nice, but according to the docs it's only applicable to a limited number of formats and I'm not sure if stuff like JPEG and PNG satisfies those constraints or not.</p>



<a name="152354336"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/152354336" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> briansmith <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#152354336">(Dec 21 2018 at 19:55)</a>:</h4>
<p>First, I am planning to remove <code>untrusted</code> from the public API of both <em>ring</em> and webpki because people aren't using it the way I hoped they would.</p>



<a name="152354730"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/152354730" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> briansmith <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#152354730">(Dec 21 2018 at 20:02)</a>:</h4>
<p>Second, I wouldn't use <code>untrusted</code> for the image parts of PNG and JPEG. It might work OK for the metadata. It is intended to handle variable-length data (in particular, vraiable-length headers), especially in tag-length-value formats like TLS, ASN.1, etc. that are inherently context-sensitive and security-critical. In particular, <code>untrusted</code> tries to force you to make your code very explicit about what parts of the input are being ignored, which is useful for these things but annoying for other things.</p>



<a name="152355298"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/152355298" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#152355298">(Dec 21 2018 at 20:12)</a>:</h4>
<p><span class="user-mention" data-user-id="133214">@briansmith</span> wdyt about the information you wanted <code>untrusted</code> to carry as part of the public API of <em>ring</em> and webpki being part of the type system?</p>



<a name="152355310"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/152355310" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#152355310">(Dec 21 2018 at 20:12)</a>:</h4>
<p>hypothetically (with a similar feature to something like ^^^ paper)</p>



<a name="152355365"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/152355365" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> briansmith <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#152355365">(Dec 21 2018 at 20:13)</a>:</h4>
<p>The problem using <code>untrusted</code> to indicate potentially-malicious data, and <code>unsafe</code> to indicate potentially-unsafe code, is that they over-simplify more nuanced notions.</p>



<a name="152355471"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/152355471" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#152355471">(Dec 21 2018 at 20:15)</a>:</h4>
<p>yeah I wouldn't use <code>unsafe</code> for anything that didn't deal specifically with things like memory safety / data race safety</p>



<a name="152355583"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/152355583" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> briansmith <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#152355583">(Dec 21 2018 at 20:17)</a>:</h4>
<p>I would have to see a concrete proposal specifically for Rust to say whether I like I don't like it, but practically I doubt there is any hope of such enhancements to the type system in the next couple of years.</p>



<a name="152355642"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/152355642" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#152355642">(Dec 21 2018 at 20:18)</a>:</h4>
<p>yeah that paper is built on the F* type system... which is fancier than Rusts's will probably ever be</p>



<a name="152400807"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/152400807" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#152400807">(Dec 22 2018 at 19:59)</a>:</h4>
<p>Okay, I have a rough outline of the the post about security as Rust goal in 2019: <a href="https://medium.com/@shnatsel/security-as-rust-2019-goal-draft-6a060116ba39" target="_blank" title="https://medium.com/@shnatsel/security-as-rust-2019-goal-draft-6a060116ba39">https://medium.com/@shnatsel/security-as-rust-2019-goal-draft-6a060116ba39</a><br>
If you have a Medium account you can comment there. I'm not sure if you can edit, probably not.</p>



<a name="152400872"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/152400872" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#152400872">(Dec 22 2018 at 20:00)</a>:</h4>
<p>It didn't occur to me to put it in Google Docs or Etherpad, so if you want to make edits just copy the text to Google Docs and post the link, we'll continue there</p>



<a name="152400931"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/152400931" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#152400931">(Dec 22 2018 at 20:02)</a>:</h4>
<p>Since this may go out as a secure code WG post, not just my post, I want to make sure that everyone's on board with the direction, structure, etc. Also if you're against it being an official WG comm please speak up.</p>



<a name="152476638"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/152476638" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#152476638">(Dec 24 2018 at 16:59)</a>:</h4>
<p>an official WG post sounds good</p>



<a name="152497292"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/152497292" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#152497292">(Dec 25 2018 at 04:30)</a>:</h4>
<p>I now consider the "Security updates" section in the <a href="https://medium.com/@shnatsel/security-as-rust-2019-goal-draft-6a060116ba39" target="_blank" title="https://medium.com/@shnatsel/security-as-rust-2019-goal-draft-6a060116ba39">draft</a> complete. Please tear it to shreds, lest I publish that part it as-is.</p>



<a name="152501203"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/152501203" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Zach Reizner <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#152501203">(Dec 25 2018 at 06:55)</a>:</h4>
<p>I'm unclear on if you're referring to just one section of that draft, or the entire draft. Which part will you publish first?</p>



<a name="152501207"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/152501207" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Zach Reizner <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#152501207">(Dec 25 2018 at 06:55)</a>:</h4>
<p>In any case, the Security Updates seems good.</p>



<a name="152510888"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/152510888" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#152510888">(Dec 25 2018 at 12:43)</a>:</h4>
<p>Just one section. I'll post the entire article once it's done</p>



<a name="152517989"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/152517989" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#152517989">(Dec 25 2018 at 17:12)</a>:</h4>
<p>The "Verification of standard library" part is complete, but I'm not 100% confident it's good. So give it a read at your leisure and let me know what can be improved. <a href="https://medium.com/@shnatsel/security-as-rust-2019-goal-draft-6a060116ba39" target="_blank" title="https://medium.com/@shnatsel/security-as-rust-2019-goal-draft-6a060116ba39">link</a></p>



<a name="152518815"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/152518815" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> brycx <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#152518815">(Dec 25 2018 at 17:42)</a>:</h4>
<p>I read the article and found no issues with it, actually found it to be very well-written and everything made good sense. FWIW, I know it's a draft, some aesthetical issues:</p>
<ul>
<li>
<p>"What if if they are not deploying via cargo install? What if it’s a library linked into another language?" One too many "if"'s</p>
</li>
<li>
<p>All links in the draft seemed not to be highlighted (in case that is unintentional, maybe it's just my browser)</p>
</li>
<li>
<p>Point 4 in unsafe code prior art is empty</p>
</li>
<li>
<p>Just a punctuation missing at the very end of the draft</p>
</li>
</ul>



<a name="152519666"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/152519666" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Zach Reizner <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#152519666">(Dec 25 2018 at 18:14)</a>:</h4>
<p>Agreed with the above</p>



<a name="152521342"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/152521342" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#152521342">(Dec 25 2018 at 19:17)</a>:</h4>
<p>Thanks. I've replaced "What if if they are not deploying via cargo install? What if it's a library linked into another language?" with "What if the code is non-trivially deployed, like shared library linked into another language?"<br>
Links work for me. Either way that's a Medium styling issue, I have no control over it.</p>



<a name="152521400"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/152521400" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#152521400">(Dec 25 2018 at 19:18)</a>:</h4>
<p>I'm considering breaking up the wall of text in "Verification of standard library" section by making static analysis, fuzzing and formal verification into list items</p>



<a name="152521935"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/152521935" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#152521935">(Dec 25 2018 at 19:39)</a>:</h4>
<p>Okay, it is a list now.</p>



<a name="152521992"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/152521992" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#152521992">(Dec 25 2018 at 19:41)</a>:</h4>
<p>Also I completely forgot to mention RustBelt and nobody corrected me <span class="emoji emoji-1f606" title="laughing">:laughing:</span></p>



<a name="152524136"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/152524136" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#152524136">(Dec 25 2018 at 21:01)</a>:</h4>
<p>I ended up adding a "Code authentication and trust" section at the end talking about the general trust problem not being feasible in 2019 but something like TUF being needed.</p>



<a name="152525113"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/152525113" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> brycx <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#152525113">(Dec 25 2018 at 21:38)</a>:</h4>
<p>Found no issues with "Code authentication and trust" either, except for maybe add "out" after "called" in "something that security researchers have called years ago.".</p>



<a name="152525232"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/152525232" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#152525232">(Dec 25 2018 at 21:43)</a>:</h4>
<p>What I tried to convey is that security researchers have been saying that it's a problem for years, but only recently we've disovered an actual attack in practice. I'm having trouble conveying that succinctly.</p>



<a name="152525234"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/152525234" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#152525234">(Dec 25 2018 at 21:43)</a>:</h4>
<p>And yeah, good point, thanks</p>



<a name="152527650"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/152527650" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> brycx <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#152527650">(Dec 25 2018 at 23:14)</a>:</h4>
<p>No problem. If you aim for succinct, you could also write: "The recent event-stream node.js incident brought attention to a problem, pointed out by security researchers long ago: trusting third-party code." In any case, I think the point is conveyed just fine.</p>



<a name="152622077"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/152622077" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#152622077">(Dec 27 2018 at 21:33)</a>:</h4>
<p>Just a heads-up: I'm taking a break from everything programming-related until at least the 2nd of January, which includes WG logo design and the security as 2019 goal blog post. Feel free to complete and post the article without waiting on me. Otherwise I'll try to finish it after I return.</p>



<a name="152622099"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/152622099" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#152622099">(Dec 27 2018 at 21:33)</a>:</h4>
<p><a href="/user_uploads/4715/wOSOILpIF9tvD7RZ90oCWrlt/ferrii.tar.gz" target="_blank" title="ferrii.tar.gz">ferrii.tar.gz</a>  &lt; SVGs for logo designs I've posted so far, just in case</p>



<a name="154260559"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/154260559" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#154260559">(Jan 03 2019 at 19:25)</a>:</h4>
<p>There are so many Rust-related security advancements now that I have to go back and rewrite parts of the article for the second time now. First Angora got released, now this: <a href="https://www.research-collection.ethz.ch/handle/20.500.11850/311092" target="_blank" title="https://www.research-collection.ethz.ch/handle/20.500.11850/311092">https://www.research-collection.ethz.ch/handle/20.500.11850/311092</a><br>
<span class="user-mention" data-user-id="120791">@RalfJ</span> Any thoughts on this paper? This seems to be right up your alley.</p>



<a name="154402074"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/154402074" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#154402074">(Jan 04 2019 at 10:57)</a>:</h4>
<p>yeah I talked a bit with the authors</p>



<a name="154402118"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/154402118" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#154402118">(Jan 04 2019 at 10:58)</a>:</h4>
<p>it's pretty cool stuff IMO. still very limited right now, doesnt support complex types involving references. but still, I like where it is going.</p>



<a name="154435171"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/154435171" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#154435171">(Jan 04 2019 at 20:31)</a>:</h4>
<p><span class="user-mention" data-user-id="132362">@Joshua Liebow-Feeser</span> may I ask you to write the intro and outro for the <a href="https://medium.com/@shnatsel/security-as-rust-2019-goal-draft-6a060116ba39" target="_blank" title="https://medium.com/@shnatsel/security-as-rust-2019-goal-draft-6a060116ba39">security as 2019 goal post</a>? I feel pretty much lost as to how to write those.<br>
Also, we should probably start considering where we're going to put this. Do we want a WG publication on Medium or a static blog or something else?</p>



<a name="154435279"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/154435279" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#154435279">(Jan 04 2019 at 20:33)</a>:</h4>
<p>The good news is that I have just one technical paragraph to flesh out, "Use of unsafe code", the others are pretty much done</p>



<a name="154437414"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/154437414" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Zach Reizner <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#154437414">(Jan 04 2019 at 21:11)</a>:</h4>
<p>I would rather a static blog. I dislike seeing the (<a href="http://medium.com" target="_blank" title="http://medium.com">medium.com</a>) tag on hacker news because it masks the true author/blog.</p>



<a name="154447706"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/154447706" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Gerardo Di Giacomo <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#154447706">(Jan 05 2019 at 00:11)</a>:</h4>
<p>does <a href="http://ghost.org" target="_blank" title="http://ghost.org">ghost.org</a> have the same "feature" ? nvm I see that ghost hosted is not free.</p>



<a name="154453235"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/154453235" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#154453235">(Jan 05 2019 at 02:20)</a>:</h4>
<p>It is open-source though, so we could probably host our own instance. Spoiler alert: I'm not going to bother, I have two websites on my hand already and I know all too well that it's a dead end.</p>



<a name="154456929"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/154456929" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#154456929">(Jan 05 2019 at 04:10)</a>:</h4>
<p>Okay, I think everything except the intro and outro is written, I just have a couple of TODOs left, so the draft is now ready for nitpicking: <a href="https://medium.com/@shnatsel/security-as-rust-2019-goal-draft-6a060116ba39" target="_blank" title="https://medium.com/@shnatsel/security-as-rust-2019-goal-draft-6a060116ba39">https://medium.com/@shnatsel/security-as-rust-2019-goal-draft-6a060116ba39</a></p>



<a name="154601466"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/154601466" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#154601466">(Jan 07 2019 at 21:10)</a>:</h4>
<p>I've written an intro but I'm not 100% happy with it. I'd appreciate if someone could take a look and suggest improvements. For reference, the goals are copy-pasted from <a href="https://github.com/rust-secure-code/wg" target="_blank" title="https://github.com/rust-secure-code/wg">https://github.com/rust-secure-code/wg</a><br>
I still have to write the conclusion and do some minor revisions to the technical sections. I will probably extract work items from the post and turn them into issues on the WG bug tracker.</p>



<a name="154612022"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/154612022" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Joshua Liebow-Feeser <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#154612022">(Jan 08 2019 at 00:09)</a>:</h4>
<p>Sorry for the late reply, but yeah, I'd be happy to write an intro/outro.</p>



<a name="154612032"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/154612032" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Joshua Liebow-Feeser <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#154612032">(Jan 08 2019 at 00:09)</a>:</h4>
<p>Still have to read the post though lol; I've been away for the past few weeks and just got back to the real world today.</p>



<a name="154612033"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/154612033" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Joshua Liebow-Feeser <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#154612033">(Jan 08 2019 at 00:09)</a>:</h4>
<p>When are you hoping to publish this?</p>



<a name="154612671"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/154612671" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#154612671">(Jan 08 2019 at 00:21)</a>:</h4>
<p>Before the deadline of Jan 15th <span class="emoji emoji-1f606" title="laughing">:laughing:</span></p>



<a name="154612675"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/154612675" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Joshua Liebow-Feeser <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#154612675">(Jan 08 2019 at 00:21)</a>:</h4>
<p>Ah lol OK</p>



<a name="154612680"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/154612680" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Joshua Liebow-Feeser <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#154612680">(Jan 08 2019 at 00:21)</a>:</h4>
<p>I'll take a look in a few hours after work.</p>



<a name="154612727"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/154612727" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#154612727">(Jan 08 2019 at 00:22)</a>:</h4>
<p>I'm writing an outro right now; I'll sketch something, you're welcome to rewrite the entire thing from the ground up if you wish</p>



<a name="154612735"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/154612735" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Joshua Liebow-Feeser <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#154612735">(Jan 08 2019 at 00:22)</a>:</h4>
<p>OK sounds good!</p>



<a name="154612914"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/154612914" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#154612914">(Jan 08 2019 at 00:27)</a>:</h4>
<p>I'm also filing some work items from the post as GitHub issues on the WG repo right now</p>



<a name="154612965"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/154612965" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#154612965">(Jan 08 2019 at 00:28)</a>:</h4>
<p>you can make a "2019 goal" label for those later if you think it's a good idea</p>



<a name="154763076"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/154763076" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nikomatsakis <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#154763076">(Jan 09 2019 at 22:31)</a>:</h4>
<blockquote>
<p>There are so many Rust-related security advancements now that I have to go back and rewrite parts of the article for the second time now. First Angora got released, now this: <a href="https://www.research-collection.ethz.ch/handle/20.500.11850/311092" target="_blank" title="https://www.research-collection.ethz.ch/handle/20.500.11850/311092">https://www.research-collection.ethz.ch/handle/20.500.11850/311092</a></p>
</blockquote>
<p>btw <span class="user-mention" data-user-id="127617">@Shnatsel</span> one of the authors (<span class="user-mention" data-user-id="116109">@Vytautas Astrauskas</span>) is also active-ish on Zulip</p>



<a name="154768996"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/154768996" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> snf <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#154768996">(Jan 10 2019 at 00:22)</a>:</h4>
<p>hey guys, I'm publishing mine but I'd like to know if you find any inaccuracy or have feedback: <a href="https://github.com/snf/snf.github.com/blob/rust_2019/_posts/2019-01-10-rust-2019-security.md" target="_blank" title="https://github.com/snf/snf.github.com/blob/rust_2019/_posts/2019-01-10-rust-2019-security.md">https://github.com/snf/snf.github.com/blob/rust_2019/_posts/2019-01-10-rust-2019-security.md</a></p>



<a name="154809288"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/154809288" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> blitzerr <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#154809288">(Jan 10 2019 at 01:48)</a>:</h4>
<p><span class="user-mention" data-user-id="126943">@snf</span>  This is great.</p>



<a name="154827300"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/154827300" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Vytautas Astrauskas [he/him] <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#154827300">(Jan 10 2019 at 09:43)</a>:</h4>
<p>In the <a href="https://medium.com/@shnatsel/6a060116ba39" target="_blank" title="https://medium.com/@shnatsel/6a060116ba39">draft</a>:</p>
<blockquote>
<p>Tools based on theory of abstract interpretation do not work with Rust yet, but can be easily adapted — e.g. IKOS ingests LLVM IR and is not really tied to any specific language.</p>
</blockquote>
<p>A tool based on abstract interpretation is work in progress with focus on taint analysis: <a href="https://github.com/facebookexperimental/MIRAI/" target="_blank" title="https://github.com/facebookexperimental/MIRAI/">https://github.com/facebookexperimental/MIRAI/</a>.</p>



<a name="154827365"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/154827365" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Vytautas Astrauskas [he/him] <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#154827365">(Jan 10 2019 at 09:44)</a>:</h4>
<p><span class="user-mention" data-user-id="127617">@Shnatsel</span> ^^</p>



<a name="154865991"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/154865991" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#154865991">(Jan 10 2019 at 19:48)</a>:</h4>
<blockquote>
<p>The community has already learned that Rewrite it in Rust doesn't scale and it's a dangerous meme.</p>
</blockquote>
<p>Really? I am not aware of that. In fact, I'd still push for RIIR for all existing base infrastructure, from libpng to OpenSSL. Which in some cases already happening (png and jpeg crates, lewton, rustls...). The rsvg way is still better though!</p>
<p>But I'm nitpicking, an interesting post overall, thanks for writing it</p>



<a name="154866014"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/154866014" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#154866014">(Jan 10 2019 at 19:49)</a>:</h4>
<p>And thanks for the pointer about MIRAI, I'll be sure to mention it</p>



<a name="154874185"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/154874185" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> snf <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#154874185">(Jan 10 2019 at 21:39)</a>:</h4>
<p>Thanks <span class="user-mention" data-user-id="127617">@Shnatsel</span> , I think we are referring to two different things about RIIR. libpng is not changing much so a rewrite makes sense and is not a huge effort if someone decide to make it happen. Now take Xen or KVM and it's a completely different story, it moves fast and the best way to introduce Rust in there is starting with new components or parts that are going to be rewritten anyway but RIIR is (pretty sure) off the table. In this cases I like the Servo-&gt;Firefox way</p>



<a name="154874311"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/154874311" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#154874311">(Jan 10 2019 at 21:41)</a>:</h4>
<p>Then I guess it's better to say "Gradually integrating Rust is a better option for fast-moving projects than a rewrite" than "RIIR is a dangerous meme" and leave it at that</p>



<a name="154874420"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/154874420" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> snf <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#154874420">(Jan 10 2019 at 21:42)</a>:</h4>
<blockquote>
<p>The community has already learned that Rewrite it in Rust doesn’t scale and it’s a dangerous meme.<br>
On the other hand, one of the things that I learned is that gradually replacing C/C++ with Rust code works quite well. The same happens with encapsulating C code with safe Rust abstractions.</p>
</blockquote>



<a name="154874707"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/154874707" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> snf <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#154874707">(Jan 10 2019 at 21:46)</a>:</h4>
<p>But you are right, if it sounds like that I'm not explaining myself correctly. I think we both agree about the idea of RIIR</p>



<a name="154985258"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/154985258" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#154985258">(Jan 12 2019 at 14:06)</a>:</h4>
<p>We have thee days left to complete and publish our "Security as Rust 2019 goal" post. The current draft is here:  <a href="https://medium.com/@shnatsel/security-as-rust-2019-goal-draft-6a060116ba39" target="_blank" title="https://medium.com/@shnatsel/security-as-rust-2019-goal-draft-6a060116ba39">https://medium.com/@shnatsel/security-as-rust-2019-goal-draft-6a060116ba39</a><br>
Remaining work items:<br>
 - Improve the introduction (?)<br>
 - Write a conclusion<br>
 - Get feedback on the draft to make sure everyone is on board with it, since it's going out as an official WG comm<br>
 - Mention sanitizers and MIRI in there somewhere<br>
 - Extract work items from the post and put them in github issues on the WG repo. Bonus points for actually putting actionable work items on the issues.</p>



<a name="154985317"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/154985317" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#154985317">(Jan 12 2019 at 14:08)</a>:</h4>
<p>Oh and maybe make a WG blog, but I can publish it on my blog as well if needed</p>



<a name="154985456"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/154985456" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#154985456">(Jan 12 2019 at 14:12)</a>:</h4>
<p>Related post from RalphJ: <a href="https://www.ralfj.de/blog/2019/01/12/rust-2019.html" target="_blank" title="https://www.ralfj.de/blog/2019/01/12/rust-2019.html">https://www.ralfj.de/blog/2019/01/12/rust-2019.html</a></p>



<a name="154989776"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/154989776" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#154989776">(Jan 12 2019 at 16:24)</a>:</h4>
<p>I'd help but I'm trying to finish up my own post, which in as much as it's prescriptive doesn't have any "don't"s... slightly different tone, and also a bit of a brain dump</p>



<a name="154993668"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/154993668" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#154993668">(Jan 12 2019 at 18:08)</a>:</h4>
<p><span class="user-mention" data-user-id="132721">@Tony Arcieri</span> if you disagree with the post I've drafted let me know and I'll either change it or publish it as a personal article</p>



<a name="154993985"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/154993985" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#154993985">(Jan 12 2019 at 18:17)</a>:</h4>
<p>if there's a disagreement, it's my own propensity to tilt at windmills, and my post will cover that</p>



<a name="154994030"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/154994030" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#154994030">(Jan 12 2019 at 18:18)</a>:</h4>
<p>i.e. "stuff I'm willing to work on I don't expect others to, or even agree is a good idea" <span class="emoji emoji-1f61c" title="stuck out tongue wink">:stuck_out_tongue_wink:</span></p>



<a name="155045886"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/155045886" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#155045886">(Jan 13 2019 at 20:48)</a>:</h4>
<p>We have one day left until the blog post deadline. If nobody intervenes, I'm writing a conclusion as best I can and post it on my personal blog.</p>



<a name="155055758"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/155055758" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#155055758">(Jan 14 2019 at 01:52)</a>:</h4>
<p><span class="user-mention" data-user-id="119167">@Corey Farwell</span> could you add me to rust-secure-code on Github so I could tag 2019 goals on the bug tracker?</p>



<a name="155058400"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/155058400" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Corey Farwell <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#155058400">(Jan 14 2019 at 03:12)</a>:</h4>
<p>only <span class="user-mention" data-user-id="132362">@Joshua Liebow-Feeser</span> has the permissions to invite to the org AFAIK</p>



<a name="155111065"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/155111065" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#155111065">(Jan 14 2019 at 19:49)</a>:</h4>
<p><span class="user-mention" data-user-id="132362">@Joshua Liebow-Feeser</span> heed my call.<br>
<span class="user-mention" data-user-id="132362">@Joshua Liebow-Feeser</span> I summon thee.<br>
<span class="user-mention" data-user-id="132362">@Joshua Liebow-Feeser</span> bless us with your presence.</p>
<p>This be my first wish: add me to rust-secure-code org on github.<br>
This be my second wish: confirm that you're not writing the conclusion to the 2019 goals post. <br>
This be my third wish: revocation of N-meta-rules about wishes.</p>



<a name="155111203"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/155111203" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Joshua Liebow-Feeser <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#155111203">(Jan 14 2019 at 19:51)</a>:</h4>
<p>Gack sorry folks. This weekend has been crazy so I've been ignoring Zulip.</p>



<a name="155111240"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/155111240" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#155111240">(Jan 14 2019 at 19:51)</a>:</h4>
<p>Praised be <span class="user-mention" data-user-id="132362">@Joshua Liebow-Feeser</span>! Our prayers have been answered!</p>



<a name="155111314"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/155111314" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#155111314">(Jan 14 2019 at 19:52)</a>:</h4>
<p>But for real now, totally understandable, don't sweat it. It's just this inconvenient deadline on 2019 goals posts is kind of looming.</p>



<a name="155111332"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/155111332" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Joshua Liebow-Feeser <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#155111332">(Jan 14 2019 at 19:52)</a>:</h4>
<p>OK I've invited you to the org.</p>



<a name="155111370"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/155111370" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Joshua Liebow-Feeser <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#155111370">(Jan 14 2019 at 19:53)</a>:</h4>
<p>Also yes, confirmed that you shouldn't rely on me to write the conclusion. I will try to provide feedback if I can, but I am definitely going to be unreliable over the next few days :)</p>



<a name="155111395"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/155111395" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#155111395">(Jan 14 2019 at 19:53)</a>:</h4>
<p>I'm looking to complete and publish this sometime in the next 6 hours</p>



<a name="155111397"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/155111397" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Joshua Liebow-Feeser <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#155111397">(Jan 14 2019 at 19:53)</a>:</h4>
<p>Thank you so much to everybody who's put in work on this post, btw!</p>



<a name="155111423"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/155111423" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Joshua Liebow-Feeser <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#155111423">(Jan 14 2019 at 19:54)</a>:</h4>
<p>Ah OK</p>



<a name="155111463"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/155111463" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#155111463">(Jan 14 2019 at 19:54)</a>:</h4>
<p>Probably going on my blog because we don't have WG blog yet. I mean I could go ahead and set up a WG medium and select my submission for the logo while I'm at it but... eh. That feels narcissistic.</p>



<a name="155111516"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/155111516" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#155111516">(Jan 14 2019 at 19:55)</a>:</h4>
<p>Instead I'm going to move the work items from the post to the WG issue tracker and tag them as 2019 goals. If I overdo it, comment in there and we'll close the superfluous ones.</p>



<a name="155111619"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/155111619" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Joshua Liebow-Feeser <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#155111619">(Jan 14 2019 at 19:57)</a>:</h4>
<p>Yeah I think just putting it on your blog and marking it as the Secure Code WG post is fine.</p>



<a name="155111866"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/155111866" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#155111866">(Jan 14 2019 at 20:00)</a>:</h4>
<p>Okay, I think I'm all set then. Thanks!</p>



<a name="155120923"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/155120923" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#155120923">(Jan 14 2019 at 21:32)</a>:</h4>
<p>It has just hit me. The deadline is for submissions to the core Rust teams. The submissions are <em>private.</em> We can share the info with the core teams before we go for the full press release!</p>



<a name="155120989"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/155120989" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Joshua Liebow-Feeser <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#155120989">(Jan 14 2019 at 21:32)</a>:</h4>
<p>Oh that's awesome! So we can give them a draft and spend time polishing before we publish?</p>



<a name="155122676"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/155122676" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#155122676">(Jan 14 2019 at 21:53)</a>:</h4>
<p>Oh my god this is so precious! <a href="https://flic.kr/p/656T74" target="_blank" title="https://flic.kr/p/656T74">https://flic.kr/p/656T74</a><br>
And it's under Creative Commons Attribution! I think we have a cover image</p>



<a name="155124663"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/155124663" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#155124663">(Jan 14 2019 at 22:20)</a>:</h4>
<p>I have no clue whom <a href="mailto:community@rust-lang.org" title="mailto:community@rust-lang.org">community@rust-lang.org</a> actually emails, but that's the email they we're asked to submit roadmap posts to</p>



<a name="155126649"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/155126649" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#155126649">(Jan 14 2019 at 22:50)</a>:</h4>
<p>Okay, that's community team, not a very public mailing list, so I've submitted the draft as it is right now.</p>



<a name="155128749"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/155128749" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> blitzerr <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#155128749">(Jan 14 2019 at 23:24)</a>:</h4>
<p><span class="user-mention" data-user-id="127617">@Shnatsel</span> , do you also plan to post it <a href="https://internals.rust-lang.org/" target="_blank" title="https://internals.rust-lang.org/">here</a> ?</p>



<a name="155129146"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/155129146" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#155129146">(Jan 14 2019 at 23:29)</a>:</h4>
<p>Frankly I did not intend to. I thought Reddit would be enough, and I prefer to have all the discussion in one place. Maybe link from internals to reddit? Dunno. I certainly wouldn't stop anyone from cross-posting it, though!</p>



<a name="155129489"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/155129489" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#155129489">(Jan 14 2019 at 23:32)</a>:</h4>
<p>Okay, so. Current draft: <a href="https://medium.com/@shnatsel/security-as-rust-2019-goal-draft-6a060116ba39" target="_blank" title="https://medium.com/@shnatsel/security-as-rust-2019-goal-draft-6a060116ba39">https://medium.com/@shnatsel/security-as-rust-2019-goal-draft-6a060116ba39</a><br>
<strong>Publication blockers:</strong><br>
1. Write a proper conclusion. I suddenly cannot into writing.<br>
2. Find a place to put <a href="https://flic.kr/p/656T74" target="_blank" title="https://flic.kr/p/656T74">https://flic.kr/p/656T74</a> so that it doesn't detract from the content of the article, or give up on the idea. Probably should go to the conclusion, actually.<br>
3. Give the article a read and see what action items I forgot to put on the WG bug tracker<br>
<strong>Nice to haves:</strong><br>
1. Polish up the intro or decide it's good enough<br>
2. Break down issues on WG repo into actionable work items</p>



<a name="155282366"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/155282366" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#155282366">(Jan 16 2019 at 19:53)</a>:</h4>
<p>I can tweet it</p>



<a name="155282377"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/155282377" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#155282377">(Jan 16 2019 at 19:53)</a>:</h4>
<p>finally something to tweet about <span class="emoji emoji-1f603" title="smiley">:smiley:</span></p>



<a name="155282385"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/155282385" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#155282385">(Jan 16 2019 at 19:53)</a>:</h4>
<p>(with @rustsecurecode)</p>



<a name="155282400"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/155282400" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#155282400">(Jan 16 2019 at 19:53)</a>:</h4>
<p>Nice. We just have to finish it first though XD</p>



<a name="155282403"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/155282403" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#155282403">(Jan 16 2019 at 19:53)</a>:</h4>
<p>it has 98 followers and 1 tweet</p>



<a name="155282418"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/155282418" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#155282418">(Jan 16 2019 at 19:53)</a>:</h4>
<p>haha, ditto for my personal post <span class="emoji emoji-1f629" title="weary">:weary:</span></p>



<a name="155282474"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/155282474" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#155282474">(Jan 16 2019 at 19:54)</a>:</h4>
<p>I have about that much on Medium for 3 long-form articles, so I think that's a good number</p>



<a name="155282491"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/155282491" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#155282491">(Jan 16 2019 at 19:54)</a>:</h4>
<p>yeah this thing is a monster and I've already deleted at least half of what I've written</p>



<a name="155282492"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/155282492" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#155282492">(Jan 16 2019 at 19:54)</a>:</h4>
<p>I think I've just read your personal post? Did I time-travel?</p>



<a name="155282501"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/155282501" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#155282501">(Jan 16 2019 at 19:54)</a>:</h4>
<p>haha I need to note it's WIP</p>



<a name="155282540"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/155282540" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#155282540">(Jan 16 2019 at 19:55)</a>:</h4>
<p><a href="https://www.reddit.com/r/rust/comments/agk3sx/" target="_blank" title="https://www.reddit.com/r/rust/comments/agk3sx/">https://www.reddit.com/r/rust/comments/agk3sx/</a> this links to your post right?</p>



<a name="155282650"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/155282650" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#155282650">(Jan 16 2019 at 19:56)</a>:</h4>
<p>yes. lol great it's already on reddit</p>



<a name="155282665"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/155282665" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#155282665">(Jan 16 2019 at 19:56)</a>:</h4>
<p>since 8 hours ago</p>



<a name="155282689"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/155282689" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#155282689">(Jan 16 2019 at 19:57)</a>:</h4>
<p>So you're still writing yours? And there I thought I'd ask you to complete the WG post, since you're clearly pretty good at this and I suddenly cannot into words</p>



<a name="155282700"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/155282700" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#155282700">(Jan 16 2019 at 19:57)</a>:</h4>
<p>haha</p>



<a name="155282709"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/155282709" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#155282709">(Jan 16 2019 at 19:57)</a>:</h4>
<p>yeah I wanted to write about crate security</p>



<a name="155282713"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/155282713" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#155282713">(Jan 16 2019 at 19:57)</a>:</h4>
<p>and also rustsec</p>



<a name="155282781"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/155282781" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#155282781">(Jan 16 2019 at 19:58)</a>:</h4>
<p>I added a WIP note at the top</p>



<a name="155282813"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/155282813" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#155282813">(Jan 16 2019 at 19:58)</a>:</h4>
<p>Here's a hotfix: write the conclusion for the WG post and just link to it, since we already have extensive description of that</p>



<a name="155282828"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/155282828" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#155282828">(Jan 16 2019 at 19:58)</a>:</h4>
<p>haha sure</p>



<a name="155282835"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/155282835" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#155282835">(Jan 16 2019 at 19:58)</a>:</h4>
<p>let me finish my post first <span class="emoji emoji-1f609" title="wink">:wink:</span></p>



<a name="155283316"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/155283316" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#155283316">(Jan 16 2019 at 20:04)</a>:</h4>
<p>I am somewhat surprised that the WG post draft is still not on Reddit</p>



<a name="155283327"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/155283327" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#155283327">(Jan 16 2019 at 20:04)</a>:</h4>
<p>hahaha</p>



<a name="155301044"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/155301044" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Gerardo Di Giacomo <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#155301044">(Jan 17 2019 at 00:37)</a>:</h4>
<blockquote>
<p>I am somewhat surprised that the WG post draft is still not on Reddit</p>
</blockquote>
<p>when will it be officially published?</p>



<a name="155336880"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/155336880" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nikomatsakis <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#155336880">(Jan 17 2019 at 14:03)</a>:</h4>
<p>did this make it to <a href="https://readrust.net/rust-2019/" target="_blank" title="https://readrust.net/rust-2019/">https://readrust.net/rust-2019/</a> ?</p>



<a name="155336885"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/155336885" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nikomatsakis <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#155336885">(Jan 17 2019 at 14:03)</a>:</h4>
<p>I've been using that as my go to list of "all the posts"</p>



<a name="155336953"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/155336953" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nikomatsakis <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#155336953">(Jan 17 2019 at 14:04)</a>:</h4>
<p>I didn't see it there though, maybe i'm searching for the wrong thing (there is a post by <span class="user-mention" data-user-id="132721">@Tony Arcieri</span>)</p>



<a name="155346275"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/155346275" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#155346275">(Jan 17 2019 at 15:58)</a>:</h4>
<p>doesn't look like <span class="user-mention" data-user-id="127617">@Shnatsel</span> posted it yet. mine is separate</p>



<a name="155356356"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/155356356" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#155356356">(Jan 17 2019 at 18:18)</a>:</h4>
<p>Not yet. We still need someone to write a satisfying conclusion. My ability to put thoughts into words broke down at the most inopportune moment, when deadlines were looming and other active participants were busy.</p>



<a name="155356364"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/155356364" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#155356364">(Jan 17 2019 at 18:18)</a>:</h4>
<p>As soon as we add those two damn paragraphs it will go live</p>



<a name="155356595"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/155356595" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#155356595">(Jan 17 2019 at 18:22)</a>:</h4>
<p>I'm still finishing mine as well, but I can take a shot at a conclusion to the WG post after that</p>



<a name="155358066"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/155358066" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#155358066">(Jan 17 2019 at 18:43)</a>:</h4>
<p>I opened an issue about reproducible build tooling which I think would make a good 2019 goal. we already have an awful lot though, so I'm curious what other people think <a href="https://github.com/rust-secure-code/wg/issues/28" target="_blank" title="https://github.com/rust-secure-code/wg/issues/28">https://github.com/rust-secure-code/wg/issues/28</a></p>



<a name="155358440"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/155358440" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#155358440">(Jan 17 2019 at 18:48)</a>:</h4>
<p>I should ping the Signal / OWS people I know about this. I believe they've done a bunch of work on it</p>



<a name="155358586"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/155358586" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#155358586">(Jan 17 2019 at 18:50)</a>:</h4>
<p>OWS uses Rust?</p>



<a name="155358805"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/155358805" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#155358805">(Jan 17 2019 at 18:53)</a>:</h4>
<p>For all the talk about reproducible builds and the work towards them, I've never seen anyone actually use reproducible builds in any meaningful way. Because of that I'm hesitant about taking them on as a 2019 goal. Sure, they're nice to have, but we have much bigger fish to fry</p>



<a name="155364856"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/155364856" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#155364856">(Jan 17 2019 at 20:07)</a>:</h4>
<p>Can anyone suggest a good crate providing safe abstractions that stdlib lacks? I hear byteorder is pretty good but I'm not sure how to even do that unsafely</p>



<a name="155366469"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/155366469" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#155366469">(Jan 17 2019 at 20:30)</a>:</h4>
<p><strong>FINAL DRAFT</strong><br>
<a href="https://medium.com/@shnatsel/security-as-rust-2019-goal-6a060116ba39" target="_blank" title="https://medium.com/@shnatsel/security-as-rust-2019-goal-6a060116ba39">https://medium.com/@shnatsel/security-as-rust-2019-goal-6a060116ba39</a><br>
Please read and see if you disagree with anything or if I've missed something obvious.<br>
<del>There is one TODO remaining: highlight a good crate providing a safe abstraction for some common functionality. If we can't name one I'll just drop that item.</del> nevermind, I've picked byteorder</p>



<a name="155366860"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/155366860" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#155366860">(Jan 17 2019 at 20:36)</a>:</h4>
<p>If there are no objections or corrections, this will go live <strong>AS IS </strong> in 14 hours from now</p>



<a name="155366888"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/155366888" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#155366888">(Jan 17 2019 at 20:36)</a>:</h4>
<p><span class="user-mention" data-user-id="144034">@Gerardo Di Giacomo</span> <span class="emoji emoji-261d" title="point of information">:point_of_information:</span> that should answer your question</p>



<a name="155368092"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/155368092" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Gerardo Di Giacomo <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#155368092">(Jan 17 2019 at 20:52)</a>:</h4>
<p>thanks for the work <span class="user-mention" data-user-id="127617">@Shnatsel</span> I hope I'll be able to contribute</p>



<a name="155368529"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/155368529" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#155368529">(Jan 17 2019 at 20:58)</a>:</h4>
<p>We're still missing actionable work items for many broad goals on the bug tracker. So if you're looking for something easy and important to do, you've just found it.</p>



<a name="155369665"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/155369665" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#155369665">(Jan 17 2019 at 21:12)</a>:</h4>
<p>Oh by Aiheu, Rust 1.32 has just dropped and made <code>byteorder</code> crate kinda obsolete. I have just updated the post <em>again.</em> A good problem to have though.</p>



<a name="156337517"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/156337517" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> briansmith <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#156337517">(Jan 18 2019 at 01:50)</a>:</h4>
<p><span class="user-mention" data-user-id="127617">@Shnatsel</span> IMO the API that Rust 1.32 exposes for those conversions is far from Ideal, as the endianness of the data isn't reflected in the types. I wish we'd standardized something like <a href="https://github.com/briansmith/ring/blob/master/src/endian.rs" target="_blank" title="https://github.com/briansmith/ring/blob/master/src/endian.rs">https://github.com/briansmith/ring/blob/master/src/endian.rs</a>. Maybe we can still do so.</p>



<a name="156337609"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/156337609" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> briansmith <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#156337609">(Jan 18 2019 at 01:53)</a>:</h4>
<p>I actually went to update that code today to take advantage of the new stuff in 1.32 and found that 1.32 doesn't actually make anything better.</p>



<a name="156346652"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/156346652" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#156346652">(Jan 18 2019 at 05:59)</a>:</h4>
<p>haha I read what <span class="user-mention" data-user-id="127617">@Shnatsel</span> said and went to check on a particular little thing that I find particularly painful</p>



<a name="156346655"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/156346655" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#156346655">(Jan 18 2019 at 05:59)</a>:</h4>
<p>which I presently solve with <code>byteorder</code></p>



<a name="156346658"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/156346658" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#156346658">(Jan 18 2019 at 05:59)</a>:</h4>
<p>and... nope</p>



<a name="156346867"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/156346867" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#156346867">(Jan 18 2019 at 06:05)</a>:</h4>
<p>so right now with <code>byteorder</code> I do it with the I/O operations, but uhh, what I'd really like is more general than that</p>



<a name="156346872"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/156346872" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#156346872">(Jan 18 2019 at 06:05)</a>:</h4>
<p>(the I/O operations are what I was alluding to earlier)</p>



<a name="156346917"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/156346917" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#156346917">(Jan 18 2019 at 06:06)</a>:</h4>
<p>but I'd also prefer something that's <code>#![no_std]</code> friendly but accomplishes the same thing</p>



<a name="156346936"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/156346936" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#156346936">(Jan 18 2019 at 06:07)</a>:</h4>
<p>something like...</p>
<p>(EDIT: lol as I write this it is clearly not the correct abstraction but I'll try anyway so you can all revel in the horror and think of something better)</p>



<a name="156346997"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/156346997" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#156346997">(Jan 18 2019 at 06:08)</a>:</h4>
<p>let's see if <span class="user-mention" data-user-id="133214">@briansmith</span> has a better solution first</p>



<a name="156347009"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/156347009" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#156347009">(Jan 18 2019 at 06:09)</a>:</h4>
<p>hmm doesn't look like it guess I'll post my horrible half-baked thing</p>



<a name="156347074"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/156347074" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#156347074">(Jan 18 2019 at 06:10)</a>:</h4>
<div class="codehilite"><pre><span></span><span class="k">impl</span><span class="w"> </span><span class="nb">Iterator</span><span class="o">&lt;</span><span class="n">Item</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="kt">u8</span><span class="o">&gt;</span><span class="w"> </span><span class="p">{</span><span class="w"></span>
<span class="w">    </span><span class="k">pub</span><span class="w"> </span><span class="n">try_take_u128_le</span><span class="p">(</span><span class="bp">self</span><span class="p">)</span><span class="w"> </span>-&gt; <span class="nb">Option</span><span class="o">&lt;</span><span class="n">u128</span><span class="o">&gt;</span><span class="w"> </span><span class="p">{</span><span class="w"></span>
<span class="w">        </span><span class="p">[...]</span><span class="w"></span>
<span class="w">    </span><span class="p">}</span><span class="w"></span>

<span class="w">    </span><span class="p">[...</span><span class="w"> </span><span class="n">and</span><span class="w"> </span><span class="n">so</span><span class="w"> </span><span class="n">on</span><span class="w"> </span><span class="p">...]</span><span class="w"></span>
<span class="p">}</span><span class="w"></span>
</pre></div>



<a name="156347086"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/156347086" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#156347086">(Jan 18 2019 at 06:11)</a>:</h4>
<p>ok maybe not that bad</p>



<a name="156347131"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/156347131" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#156347131">(Jan 18 2019 at 06:13)</a>:</h4>
<p>perhaps that should return a <code>Take&lt;u128&gt;</code>?</p>



<a name="156347143"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/156347143" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#156347143">(Jan 18 2019 at 06:13)</a>:</h4>
<p>ok round two I guess:</p>
<div class="codehilite"><pre><span></span><span class="k">impl</span><span class="w"> </span><span class="nb">Iterator</span><span class="o">&lt;</span><span class="n">Item</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="kt">u8</span><span class="o">&gt;</span><span class="w"> </span><span class="p">{</span><span class="w"></span>
<span class="w">    </span><span class="k">pub</span><span class="w"> </span><span class="n">take_u128_le</span><span class="p">(</span><span class="bp">self</span><span class="p">)</span><span class="w"> </span>-&gt; <span class="nc">Take</span><span class="o">&lt;</span><span class="n">u128</span><span class="o">&gt;</span><span class="w"> </span><span class="p">{</span><span class="w"></span>
<span class="w">        </span><span class="p">[...]</span><span class="w"></span>
<span class="w">    </span><span class="p">}</span><span class="w"></span>

<span class="w">    </span><span class="p">[...</span><span class="w"> </span><span class="n">and</span><span class="w"> </span><span class="n">so</span><span class="w"> </span><span class="n">on</span><span class="w"> </span><span class="p">...]</span><span class="w"></span>
<span class="p">}</span><span class="w"></span>
</pre></div>



<a name="156388315"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/156388315" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#156388315">(Jan 18 2019 at 18:22)</a>:</h4>
<p>Okay, nobody objected, so it is now live: <a href="https://medium.com/@shnatsel/security-as-rust-2019-goal-6a060116ba39" target="_blank" title="https://medium.com/@shnatsel/security-as-rust-2019-goal-6a060116ba39">https://medium.com/@shnatsel/security-as-rust-2019-goal-6a060116ba39</a></p>



<a name="156388759"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/156388759" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#156388759">(Jan 18 2019 at 18:29)</a>:</h4>
<p>Reddit thread: <a href="https://www.reddit.com/r/rust/comments/ahdc9e/" target="_blank" title="https://www.reddit.com/r/rust/comments/ahdc9e/">https://www.reddit.com/r/rust/comments/ahdc9e/</a></p>



<a name="156388786"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/156388786" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#156388786">(Jan 18 2019 at 18:29)</a>:</h4>
<p>Maybe I should get around to requesting a <a href="http://lobste.rs" target="_blank" title="http://lobste.rs">lobste.rs</a> account</p>



<a name="156390709"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/156390709" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#156390709">(Jan 18 2019 at 18:54)</a>:</h4>
<p>nice! I'll tweet it</p>



<a name="156391094"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/156391094" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#156391094">(Jan 18 2019 at 18:59)</a>:</h4>
<p><a href="https://twitter.com/rustsecurecode/status/1086337299393110016" target="_blank" title="https://twitter.com/rustsecurecode/status/1086337299393110016">https://twitter.com/rustsecurecode/status/1086337299393110016</a></p>
<div class="inline-preview-twitter"><div class="twitter-tweet"><a href="https://twitter.com/rustsecurecode/status/1086337299393110016" target="_blank"><img class="twitter-avatar" src="https://pbs.twimg.com/profile_images/1053076545219158016/8WnJhT-R_normal.jpg"></a><p>Check out the Rust Secure Code WG's #Rust2019 blog post! We're trying to make it easy to write secure code in Rust
<a href="https://t.co/v7ALW6gcGQ" target="_blank" title="https://t.co/v7ALW6gcGQ">https://medium.com/@shnatsel/security-as-rust-2019-goal-6a060116ba39</a></p><span>- Rust Secure Code WG (@rustsecurecode)</span></div></div>



<a name="156391886"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/156391886" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Gerardo Di Giacomo <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#156391886">(Jan 18 2019 at 19:09)</a>:</h4>
<p>I tweeted it too but I'm not as famous as <span class="user-mention" data-user-id="132721">@Tony Arcieri</span> :D</p>



<a name="156397936"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/156397936" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#156397936">(Jan 18 2019 at 20:40)</a>:</h4>
<p>it's kinda obscure on reddit still, so upvotes would be appreciated: <a href="https://www.reddit.com/r/rust/comments/ahdc9e/" target="_blank" title="https://www.reddit.com/r/rust/comments/ahdc9e/">https://www.reddit.com/r/rust/comments/ahdc9e/</a></p>



<a name="156398222"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/156398222" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#156398222">(Jan 18 2019 at 20:44)</a>:</h4>
<p>Cross-posted to internals forum too: <a href="https://internals.rust-lang.org/t/rust-secure-code-wg-2019-roadmap/9237" target="_blank" title="https://internals.rust-lang.org/t/rust-secure-code-wg-2019-roadmap/9237">https://internals.rust-lang.org/t/rust-secure-code-wg-2019-roadmap/9237</a></p>



<a name="156412836"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/156412836" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#156412836">(Jan 19 2019 at 00:59)</a>:</h4>
<p>Eh, it's not really taking off. Maybe I should have invested time in a flashier headline.</p>



<a name="156413015"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/156413015" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Gerardo Di Giacomo <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#156413015">(Jan 19 2019 at 01:03)</a>:</h4>
<p>posted it on hackernews as well <a href="https://news.ycombinator.com/item?id=18944569" target="_blank" title="https://news.ycombinator.com/item?id=18944569">https://news.ycombinator.com/item?id=18944569</a></p>



<a name="156434420"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/156434420" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#156434420">(Jan 19 2019 at 11:54)</a>:</h4>
<p>Just 1250 views in one day? I must be losing my touch.</p>



<a name="156486591"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/156486591" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#156486591">(Jan 20 2019 at 15:59)</a>:</h4>
<p>Turns out there is a Rust codegen WG, we might want to keep in touch with them on the issue of better compiler optimizations so that people would not resort to <code>unsafe</code>: <a href="https://internals.rust-lang.org/t/announcing-the-codegen-working-group/7434?u=shnatsel" target="_blank" title="https://internals.rust-lang.org/t/announcing-the-codegen-working-group/7434?u=shnatsel">https://internals.rust-lang.org/t/announcing-the-codegen-working-group/7434?u=shnatsel</a></p>



<a name="156573018"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Security%20as%202019%20goal/near/156573018" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Security.20as.202019.20goal.html#156573018">(Jan 22 2019 at 02:00)</a>:</h4>
<p>The article seems to have topped out at 1.6k views and 500 reads. I'll try a catchier headline next time.</p>



<hr><p>Last updated: Aug 07 2021 at 22:04 UTC</p>
</html>